Q1) Suppose Alice and Bob are communicating over an SSL session. Suppose an attacker, who does not have any of the shared keys, inserts a fake TCP segment into a packet stream with correct TCP checksum and sequence number (and correct IP address and port numbers). Will SSL at the receiving side accept the fake packet and pass the payload to the receiving application? Why or why not?
Q2) Ahmed is trying to purchase a book from Amazon. He proceeds to the checkout page where he is prompted to enter his credit card number. He notices that the URL is changed to “HTTPS://”. He enters his credit card information and completes his transaction.
Describe the steps (in application and transport layers) taken between his web client and Amazon’s server to ensure the confidentiality of his credit card information.
Solution
Q1 - No, SSL will not accept the fake packet, because the pre-shared key is a must to decrypt the data. The whole mechanism works like this: an SSL session is formed between client and server and between client and client. When SSL negotiation takes place it prepares a minimum of two files, the private key and the certificate. Keys and secrets during the RSA SSL negotiation between client and client come from a handshake where we need the SSL version number, cipher settings and session-specific data, but the most important is the private key. So without the pre-shared key, packets will not be decrypted and encrypted.
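To illustrate why the receiver in Q1 drops the injected segment, here is an added example (not part of the original answer) that models the SSL/TLS record layer as an HMAC over the record sequence number and payload; the 32-byte session key is a constructed stand-in for the key the handshake would derive, and the attacker's key guess is likewise constructed.

```python
import hmac
import hashlib

# Constructed example key: stands in for the MAC key both endpoints derive
# during the handshake. The attacker never learns it.
SESSION_MAC_KEY = bytes.fromhex("5f" * 32)


def record_tag(key: bytes, seq_num: int, payload: bytes) -> bytes:
    """MAC over (record sequence number || payload), as the record layer does.
    Binding the sequence number into the tag also defeats replay/reordering."""
    return hmac.new(key, seq_num.to_bytes(8, "big") + payload, hashlib.sha256).digest()


def send_record(key: bytes, seq_num: int, payload: bytes) -> dict:
    """Sender side: attach a tag computed with the shared session key."""
    return {"seq": seq_num, "payload": payload, "tag": record_tag(key, seq_num, payload)}


class Receiver:
    """Receiver side of the record layer: verify before delivering upward."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.expected_seq = 0      # receiver keeps its own counter, not the TCP seq
        self.delivered = []        # what actually reaches the application

    def accept(self, record: dict) -> bool:
        expected = record_tag(self.key, self.expected_seq, record["payload"])
        if not hmac.compare_digest(expected, record["tag"]):
            # bad_record_mac: in real TLS this is a fatal alert and the
            # connection is torn down; nothing is passed to the application.
            return False
        self.expected_seq += 1
        self.delivered.append(record["payload"])
        return True


def demo() -> list:
    """Legitimate record is delivered; a forged one with a plausible sequence
    number but a tag made without the session key is rejected."""
    rx = Receiver(SESSION_MAC_KEY)
    rx.accept(send_record(SESSION_MAC_KEY, 0, b"GET /account HTTP/1.1"))
    forged = send_record(b"attacker-guess", 1, b"transfer funds")  # constructed
    rx.accept(forged)
    return rx.delivered
```

Even though TCP hands the forged bytes up because the checksum and sequence number were right, the record layer's integrity check fails and the application never sees them.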
Q2 - In the transport layer the TCP protocol will be used, as it is connection oriented and secured by the three-way handshake between the Amazon server and the client. In the application layer the browser opens in a secured shell and opens port 8080 with the Amazon server. In the transport layer, with the help of the three-way handshake, a tunnel is formed between the client and the Amazon server. In TCP we have a sequence number and an acknowledgement number, which ensure packet delivery between the two nodes; the window size and flags ensure accurate packet delivery. So port 8080 and the TCP protocol make sure of the transaction between the client and the server.
